2005-03-16 00:33:20

by Greg KH

[permalink] [raw]
Subject: Linux 2.6.11.4

I've release 2.6.11.4 with two security fixes in it. It can be found at
the normal kernel.org places.

The diffstat and short summary of the fixes are below.

I'll also be replying to this message with a copy of the patch between
2.6.11.3 and 2.6.11.4, as it is small enough to do so.

thanks,

greg k-h

------
Makefile | 2 +-
drivers/net/ppp_async.c | 2 +-
fs/exec.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)


Summary of changes from v2.6.11.3 to v2.6.11.4
==============================================

Greg Kroah-Hartman:
o Linux 2.6.11.4

Paul Mackerras:
o CAN-2005-0384: Remote Linux DoS on ppp servers

Prasanna Meda:
o use strncpy in get_task_comm


2005-03-16 00:33:03

by Greg KH

[permalink] [raw]
Subject: Re: Linux 2.6.11.4

diff -Nru a/Makefile b/Makefile
--- a/Makefile 2005-03-15 16:09:59 -08:00
+++ b/Makefile 2005-03-15 16:09:59 -08:00
@@ -1,7 +1,7 @@
VERSION = 2
PATCHLEVEL = 6
SUBLEVEL = 11
-EXTRAVERSION = .3
+EXTRAVERSION = .4
NAME=Woozy Numbat

# *DOCUMENTATION*
diff -Nru a/drivers/net/ppp_async.c b/drivers/net/ppp_async.c
--- a/drivers/net/ppp_async.c 2005-03-15 16:09:59 -08:00
+++ b/drivers/net/ppp_async.c 2005-03-15 16:09:59 -08:00
@@ -1000,7 +1000,7 @@
data += 4;
dlen -= 4;
/* data[0] is code, data[1] is length */
- while (dlen >= 2 && dlen >= data[1]) {
+ while (dlen >= 2 && dlen >= data[1] && data[1] >= 2) {
switch (data[0]) {
case LCP_MRU:
val = (data[2] << 8) + data[3];
diff -Nru a/fs/exec.c b/fs/exec.c
--- a/fs/exec.c 2005-03-15 16:09:59 -08:00
+++ b/fs/exec.c 2005-03-15 16:09:59 -08:00
@@ -814,7 +814,7 @@
{
/* buf must be at least sizeof(tsk->comm) in size */
task_lock(tsk);
- memcpy(buf, tsk->comm, sizeof(tsk->comm));
+ strncpy(buf, tsk->comm, sizeof(tsk->comm));
task_unlock(tsk);
}

2005-03-16 00:56:21

by Hacksaw

[permalink] [raw]
Subject: Re: Linux 2.6.11.4

+ while (dlen >= 2 && dlen >= data[1] && data[1] >= 2) {

Not that it matters much to me, since I don't have to maintain it, but
couldn't this be:

while (data[1] >= 2 && dlen >= data[1]) {

I think this captures the relationship and priority.
--
http://www.hacksaw.org -- http://www.privatecircus.com -- KB1FVD


2005-03-16 18:19:30

by Greg KH

[permalink] [raw]
Subject: Re: Linux 2.6.11.4

On Wed, Mar 16, 2005 at 02:11:43PM +0100, Krzysztof Halasa wrote:
> Greg KH <[email protected]> writes:
>
> > I've release 2.6.11.4 with two security fixes in it. It can be found at
> > the normal kernel.org places.
>
> How about the N2/C101/PCI200SYN WAN driver fix (kernel panic on receive)?
>
> Signed-off-by: Krzysztof Halasa <[email protected]>

It's queued up for the "normal" review process (will probably start
tomorrow, or later today.) This release was due to the ppp issue being
public.

thanks,

greg k-h

2005-03-16 18:42:44

by Jeff Garzik

[permalink] [raw]
Subject: Re: Linux 2.6.11.4

Greg KH wrote:
> On Wed, Mar 16, 2005 at 02:11:43PM +0100, Krzysztof Halasa wrote:
>
>>Greg KH <[email protected]> writes:
>>
>>
>>>I've release 2.6.11.4 with two security fixes in it. It can be found at
>>>the normal kernel.org places.
>>
>>How about the N2/C101/PCI200SYN WAN driver fix (kernel panic on receive)?
>>
>>Signed-off-by: Krzysztof Halasa <[email protected]>
>
>
> It's queued up for the "normal" review process (will probably start
> tomorrow, or later today.) This release was due to the ppp issue being
> public.

Krzysztof's patch is already ACK'd by me, FWIW (and its in upstream).

Jeff